This is a bug in MessageRouter. Its invoke method has the line
if (providerType == DeploymentDescriptor.PROVIDER_JAVA) {
However, RPCRouter, which does not have the bug, reads
if (providerType == DeploymentDescriptor.PROVIDER_JAVA ||
providerType == DeploymentDescriptor.PROVIDER_USER_DEFINED) {
This means MessageRouter tries to handle the services for custom providers as scripts
instead of Java classes.
Scott Nichol
Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.
----- Original Message -----
From: "Sandip Satpathy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 01, 2004 3:15 AM
Subject: Fw: Enable HTTP Basic Authentication for soap service
Hi,
Need some help to enable Basic HTTP Authentication for SOAP service (messaging). I am
interested deploying the service in IBM WAS.
A article in http://www.soapuser.com/sb_02jul02.html explains about a possible
approach to enable http basic authentication.
It says use a modified provider instead of the default one, in this case
"MsgJavaProvider.class".
The trivial form of modified provider is written as follows:
/************MsgHTTPBasicAuthProvider.java***********************/
package mmssoap.soap.providers.jataayu ;
import java.io.* ;
import javax.servlet.* ;
import javax.servlet.http.* ;
import org.apache.soap.* ;
import org.apache.soap.rpc.* ;
import org.apache.soap.server.* ;
import org.apache.soap.server.http.* ;
import org.apache.soap.util.* ;
import org.apache.soap.encoding.soapenc.Base64;
public class MsgHTTPBasicAuthProvider implements Provider {
protected DeploymentDescriptor dd ;
protected Envelope envelope ;
protected Call call ;
protected String methodName ;
protected String targetObjectURI ;
protected HttpServlet servlet ;
protected HttpSession session ;
protected Object targetObject ;
public void locate( DeploymentDescriptor dd, Envelope env, Call call, String
methodName, String targetObjectURI, SOAPContext reqContext)
throws SOAPException {
HttpServlet servlet = (HttpServlet) reqContext.getProperty(
Constants.BAG_HTTPSERVLET );
HttpSession session = (HttpSession) reqContext.getProperty(
Constants.BAG_HTTPSESSION );
// BASIC AUTHENTICATION PART
{
HttpServletRequest rq = (HttpServletRequest)
reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);
try {
String auth = rq.getHeader ("Authorization");
auth = auth.substring (auth.indexOf (" "));
String decoded = new String(Base64.decode(auth));
int i = decoded.indexOf (":");
String username = decoded.substring (0,i);
String password = decoded.substring (i+1, decoded.length ());
if (!fetchPasswordFromUser(username).equals(password))
throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication
failed");
} catch (Exception e) {
System.err.println ("Authentication Information Not Found. ERROR [" +
e.getMessage () + "]") ;
throw new SOAPException(Constants.FAULT_CODE_PROTOCOL, "Authentication
failed");
}
}
System.err.println ("Authentication SUCCESSFUL") ;
this.dd = dd ;
this.envelope = env ;
this.call = call ;
this.methodName = methodName ;
this.targetObjectURI = targetObjectURI ;
this.servlet = servlet ;
this.session = session ;
ServletConfig config = servlet.getServletConfig();
ServletContext context = config.getServletContext ();
ServiceManager serviceManager =
ServerHTTPUtils.getServiceManagerFromContext (context);
// Default processing for 'java' and 'script' providers.. call on a valid
method name?
if (!MessageRouter.validMessage (dd, methodName)) {
throw new SOAPException (Constants.FAULT_CODE_SERVER, "Method '" + methodName
+ "' is not supported.");
}
// get at the target object
targetObject = ServerHTTPUtils.getTargetObject(serviceManager, dd,
targetObjectURI, servlet, session, reqContext, context);
};
public void invoke(SOAPContext reqContext, SOAPContext resContext)
throws SOAPException { // invoke the method on the target object
try {
MessageRouter.invoke( dd, envelope, targetObject, methodName, reqContext,
resContext ); // Line 149
}
catch( Exception e ) {
if ( e instanceof SOAPException ) throw (SOAPException ) e ;
e.printStackTrace( System.err) ;
throw new SOAPException( Constants.FAULT_CODE_SERVER, e.toString() );
}
};
public String fetchPasswordFromUser (String UserName)
{// expecting username and password to be same
return UserName ;
};
};
/************************** END *************************/
The service is deployed with changed Deployment desciptor:
/************************** dds.xml **********************/
<root>
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment";
id="urn:mm7interface" type="message" checkMustUnderstands="false">
<isd:provider type="mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider"
scope="Application" methods="MyMethod">
<isd:java class="mmssoap.server.Interface" static="false"/>
</isd:provider>
<isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListener></isd:service>
</root>
/************************** END ************************/
Now when the client sends a request, the authentication is performed. However on
success I am getting "ClassCastException"
<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Exception from service object: mmssoap.server.MM7Interface</faultstring>
<faultactor>/mm7soap/servlet/messagerouter</faultactor>
<detail>
<stackTrace>java.lang.ClassCastException: mmssoap.server.MM7Interface
at org.apache.soap.server.InvokeBSF.service(InvokeBSF.java:116)
at java.lang.reflect.Method.invoke(Native Method)
at org.apache.soap.server.MessageRouter.invoke(MessageRouter.java:68)
at
mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider.invoke(MsgHTTPBasicAuthProvider.java:149)
at
org.apache.soap.server.http.MessageRouterServlet.doPost(MessageRouterServlet.java:268)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
com.ibm.servlet.engine.webapp.StrictServletInstance.doService(ServletManager.java:827)
at
com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(StrictLifecycleServlet.java:159)
:
:
:
</stackTrace></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
Can some tell me what has gone wrong and how to fix it ?
Regards,
- Sandip
----- Original Message -----
From: Sandip Satpathy
To: [EMAIL PROTECTED]
Sent: Thursday, December 21, 2000 6:12 AM
Subject: Enable Basic Authentication
May be a off the track question..
Can some one help me ?
I have a soap application deployed in websphere 4.0. How can I enable "basic
authentication" for all the HTTP request to "messagerouter" ?
So far I have tried following steps :(Steps as described in the advanced edition
handbook)
1. in AAT right click on Web Module and select properties
2. select the "advanced" tab
3. select the "login configuration" check box.
4. Set the authentication method to "Basic"
5. Set the Realm Name to "mm7soap"
6. Save / Update the ear.
How ever after redeploying the service a GET request to the "messagerouter" from
browser is not prompting me for user id and password.
Pls help.
Regards,
- sandip
